Dana Blankenhorn's story How far can open source CRM get? has finally pushed me to respond to the many people who have asked "When is the OSI going to stand up to companies who are flagrantly abusing the term 'open source'?" The answer is: starting today. I am not going to start by flaming Dana. As President of the Open Source Initiative, I feel a certain amount of responsibility for stewardship of the open source brand, including both the promotion of the brand as well as the protection of the brand. The topic of "what is really open source and what is not?" has been simmering for quite some time. And until last year the question was trivial to answer, and the answer provided a trivial fix. But things have changed, and its time to regain our turf. I have been on the board of the OSI for more than 5 years, and until last year it was fairly easy for us to police the term open source: once every 2-3 months we'd receive notice that some company or another was advertising that their software was "open source" when the license was not approved by the OSI board and, upon inspection, was clearly not open source. We (usually Russ Nelson) would send them a notice politely telling them "We are the Open Source Initiative. We wrote a definition of what it means to be open source, we promote that definition, and that's what the world expects when they see the term mentioned. Do you really want to explain to your prospective customers 'um...we don't actually intend to offer you these freedoms and rights you expect?'." And they would promptly respond by saying "Wow! We had no idea!" Maybe once or twice they would say "What a novel idea! We'll change our license to one that's approved by you!". Most of the time they would say "Oops! Thanks for letting us know--we'll promote our software in some other way." And they did, until last year. Starting around 2006, the term open source came under attack from two new and unanticipated directions: the first was from vendors who claimed that they have every bit as much right to define the term as does the OSI, and the second was from vendors who claimed that their license was actually faithful to the Open Source Definition (OSD), and that the OSI board was merely being obtuse (or worse) in not recognizing that fact. (At least one vendor has pursued both lines of attack.) This was certainly not the first attack we ever had to repel, but it is the first time we have had to confront agents who fly our flag as their actions serve to corrupt our movement. The time has come to bring the matter into the open, and to let the democratic light of the open source community illuminate for all of us the proper answer. Dana reports correctly when he says:
Then there's open source, the only way in which CRM start-ups can elbow their way into the market today.
And so it is for numerous classes of applications and numerous software markets. But I disagree completely with his next statement, which is logical but also fallacious:
SugarCRM, SplendidCRM and now Centric have proven [sic] there's a place in the market for this (if you read your license carefully).
It is logical precisely because there really is not room in the market for Yet Another Proprietary CRM system. It is fallacious because THESE LICENSES ARE NOT OPEN SOURCE LICENSES. This flagrant abuse of labeling is not unlike sweetening a mild abrasive with ethylene glycol and calling the substance Toothpaste. If the market is clamouring for open source CRM solutions, why are some companies delivering open source in name only and not in substance? I think the answer is simple: they think they can get away with it. As President of the OSI, I've been remiss in thinking that gentle but firm explanations would cause them to change their behavior. I have also not chased down and attempted to correct every reporter who propagates these misstatements (the way that Richard Stallman does when people confuse free software with free beer, or worse--to him--open source). I have now come to realize that if we don't call them out, then they will get away with it (at least until customers realize they've been fooled again, and then they'll blame both proprietary and open source vendors alike; they probably won't be particularly charitable with the press or careless industry analysts, either). If we don't respond to those in the press who fall (or are pushed) into these logical traps, we are betraying the community. So here's what I propose: let's all agree--vendors, press, analysts, and others who identify themselves as community members--to use the term 'open source' to refer to software licensed under an OSI-approved license. If no company can be successful by selling a CRM solution licensed under an OSI-approved license, then OSI (and the open source movement) should take the heat for promoting a model that is not sustainable in a free market economy. We can treat that case as a bug, and together we can work (with many eyes) to discern what it is about the existing open source definition or open source licenses made CRM a failure when so many other applications are flourishing. But just because a CEO thinks his company will be more successful by promoting proprietary software as open source doesn't teach anything about the true value of open source. Hey--if people want to try something that's not open source, great! But let them call it something else, as Microsoft has done with Shared Source. We should never put the customer in a position where they cannot trust the term open source to mean anything because some company and their investors would rather make a quick buck than an honest one, or because they believe more strongly in their own story than the story we've been creating together for the past twenty years. We are better than that. We have been successful over the past twenty years because we have been better than that. We have built a well-deserved reputation, and we shouldn't allow others to trade the reputation we earned for a few pieces of silver. Open Source has grown up. Now it is time for us to stand up. I believe that when we do, the vendors who ignore our norms will suddenly recognize that they really do need to make a choice: to label their software correctly and honestly, or to license it with an OSI-approved license that matches their open source label. And when they choose the latter, I'll give them a shout out, as history shows. Please join me, stand up, and make your voice heard--enough is enough.